I'm using the following query string.
query_string : {
fields : ["field1", "field2"],
query : "*testing\(*"
}
But getting the following error:
"msg": "[query_parsing_exception] Failed to parse query [testing(], with { index=someindex line=1 col=166 }",
"path": "/somepath",
"query": {},
"body": "{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"fields\":[\"buildName\",\"programName\",\"sites\",\"taskName\",\"assignedTo\",\"currentStatus\",\"name\",\"dueDate\"],\"query\":\"testing(\"}},{\"missing\":{\"field\":\"deleted\"}}],\"must_not\":{\"match\":{\"currentStatus\":\"Completed\"}}}},\"from\":0,\"size\":\"10\",\"sort\":[{\"dueDate\":{\"order\":\"asc\"}}]}",
"statusCode": 400,
"response": "{\"error\":{\"root_cause\":[{\"type\":\"query_parsing_exception\",\"reason\":\"Failed to parse query [testing(]\",\"index\":\"someindex\",\"line\":1,\"col\":166}],\"type\":\"search_phase_execution_exception\",\"reason\":\"all shards failed\",\"phase\":\"query\",\"grouped\":true,\"failed_shards\":[{\"shard\":0,\"index\":\"someindex\",\"node\":\"0v5EQ99oRWeZfN0WIU59wA\",\"reason\":{\"type\":\"query_parsing_exception\",\"reason\":\"Failed to parse query [testing(]\",\"index\":\"someindex\",\"line\":1,\"col\":166,\"caused_by\":{\"type\":\"parse_exception\",\"reason\":\"Cannot parse 'testing(': Encountered \\"
}
I've used "\" to escape the special character "(". Can't I use special characters with wildcards?
Any suggestions?
Not sure @kaustav1992, but you'll get a lot more help asking this question at the elasticsearch user forums
@kaustav1992 I just ran into this need and built this function to escape user-provided values going into query_string. I think it's what you were asking for.
function sanitizeValue(value) {
return value
.replace(/[<>]/g, ``)
.replace(/([+-=&|><!(){}[\]^"~*?:\\/])/g, '\\$1')
}
@spalger This is needed when you're hand-rolling queries like foo.bar.baz:${ sanitized(value) } AND foo.bar.bat:${ sanitized(example) } where value and example are user-provided and might result in malformed queries pretty easily. I don't think it belongs in elasticsearch-js unless we provide it as some sort of helper as-is, but it definitely should be somewhere. I'm certain/hopeful Kibana does this in a few places
Kibana should only be using the JSON search DSL when consuming user input.
client.search({
body: {
query: {
bool: {
must: [
{ term: { "foo.bar.baz": value } },
{ term: { "foo.bar.bat": example } }
]
}
}
}
})
Most helpful comment
@kaustav1992 I just ran into this need and built this function to escape user-provided values going into
query_string. I think it's what you were asking for.